Linux Permissions with SFTP Question

I am using CentOS 5.5 with OpenSSH 5.7 and am running into a permission issue with SFTP. I have both employees accessing the server from the internal network as well as customers accessing the server from the Internet.

All of the customers are in a group called sftpusers and are chrooted to a directory, using the internal-sftp subsystem of OpenSSH 5.7 for that group.

Inside this directory there are individual directories for each user to upload their files. The directories are set up with the customer's userid as the owner with RW permissions, and a group with RW permissions.

The customer is not in the group that has RWX permissions to the directory. All of our employees are in that group so they can retrieve the files the customers upload to the server.

When the customer uploads a file to the server, the system is defaulting the permissions to 644. How do I get it so the permissions default to 660?

The second question is that when one of our employees places something in the customer's directory via SSH, the server assigns it the userid and the primary group of the uploader. How do we get the system to use the parent directory's owner and group instead of the uploader's? There are times when we need to place something in the customer's directory for them to retrieve.

The end result is that each customer has their own private directory that other customers can't access but our employees can. Both employees and customers should be able to create, delete, and modify the contents of the individual directories.

I have tried setting the setUID (chmod -R u+s /path to customer directory/customer directory) and setGID (chmod -R g+s /path to customer directory/customer directory) bits, but they are not doing what I expect them to do.

Based on the documentation for sshd_config, changing the subsystem will remove the in-process sftp server and corresponding chroot jail. Since our customers will be accessing this system, changing the subsystem line to use the openssh sftp server is not an option.
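
An added example, not part of the original post, of the two mechanisms the question runs into, assuming Linux semantics: a new file's mode is the mode the creating program requests with the umask bits removed, and a setgid directory passes its group, but never its owner, to new entries. The function names and the `customer1` directory are constructed for the demonstration.

```python
import os
import stat
import tempfile


def created_mode(requested, mask):
    """Mode of a file created with open(2) mode `requested` under umask `mask`."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "upload.dat")      # constructed file name
        old = os.umask(mask)
        try:
            os.close(os.open(path, os.O_CREAT | os.O_WRONLY, requested))
        finally:
            os.umask(old)                         # always restore the caller's umask
        return stat.S_IMODE(os.stat(path).st_mode)


def setgid_dir_demo(mask=0o007):
    """Create a 2770 directory, then a file and a subdirectory inside it."""
    with tempfile.TemporaryDirectory() as d:
        parent = os.path.join(d, "customer1")     # constructed directory name
        os.mkdir(parent)
        os.chmod(parent, 0o2770)                  # rwxrws---: setgid on the directory
        old = os.umask(mask)
        try:
            f = os.path.join(parent, "file.txt")
            os.close(os.open(f, os.O_CREAT | os.O_WRONLY, 0o666))
            sub = os.path.join(parent, "sub")
            os.mkdir(sub)
        finally:
            os.umask(old)
        ps, fs, ss = os.stat(parent), os.stat(f), os.stat(sub)
        return {
            "file_mode": stat.S_IMODE(fs.st_mode),
            # setgid directory: the new file takes the directory's group
            "file_group_matches_dir": fs.st_gid == ps.st_gid,
            # ownership is not inherited: the creator stays the owner
            "file_owner_is_creator": fs.st_uid == os.geteuid(),
            "subdir_keeps_setgid": bool(ss.st_mode & stat.S_ISGID),
        }


if __name__ == "__main__":
    # A umask can only remove bits from the requested mode, never add them.
    for req, mask in [(0o666, 0o022), (0o666, 0o007), (0o644, 0o007)]:
        print(f"requested {req:04o} umask {mask:03o} -> {created_mode(req, mask):04o}")
    print(setgid_dir_demo())
```

The same arithmetic applies to the `-u umask` option of `sftp-server` and `internal-sftp`: a client that requests 0644 on upload cannot end up with 0660 through a umask alone.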
